Tutorial: Grant a user access to Azure resources using RBAC and the Azure portal

Role-based access control (RBAC) is the way that you manage access to Azure resources. In this tutorial, you grant a user access to create and manage virtual machines in a resource group.

In this tutorial, you learn how to:

  • Grant access for a user at a resource group scope
  • Remove access

If you don't have an Azure subscription, create a trial account before you begin.

Sign in to Azure

Sign in to the Azure portal at https://portal.azure.cn.

Create a resource group

  1. In the navigation list, click Resource groups.

  2. Click Add to open the Resource group blade.

  3. For Resource group name, enter rbac-quickstart-resource-group.

  4. Select a subscription and a location.

  5. Click Create to create the resource group.

  6. Click Refresh to refresh the list of resource groups.

    The new resource group appears in your resource groups list.

Grant access

In RBAC, to grant access, you create a role assignment.

  1. In the list of Resource groups, click the new rbac-quickstart-resource-group resource group.

  2. Click Access control (IAM).

  3. Click the Role assignments tab to see the current list of role assignments.

  4. Click Add > Add role assignment to open the Add role assignment pane.

    If you don't have permissions to assign roles, the Add role assignment option will be disabled.

  5. In the Role drop-down list, select Virtual Machine Contributor.

  6. In the Select list, select yourself or another user.

  7. Click Save to create the role assignment.

    After a few moments, the user is assigned the Virtual Machine Contributor role at the rbac-quickstart-resource-group resource group scope.

Remove access

In RBAC, to remove access, you remove a role assignment.

  1. In the list of role assignments, add a checkmark next to the user with the Virtual Machine Contributor role.

  2. Click Remove.

  3. In the remove role assignment message that appears, click Yes.
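
Removing the direct assignment does not revoke roles the user inherits from a parent scope, because Azure RBAC assignments also apply to child scopes. The following Python check is an added example, not part of the original tutorial; it assumes input in the shape of `az role assignment list --all --output json`, and the subscription ID and user names are constructed placeholders.

```python
import json

# Constructed sample shaped like `az role assignment list --all --output json`.
# The subscription ID and principals are placeholders, not tutorial values.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
RG_SCOPE = SUB + "/resourceGroups/rbac-quickstart-resource-group"
SAMPLE = json.dumps([
    {"principalName": "alice@example.com", "scope": RG_SCOPE,
     "roleDefinitionName": "Virtual Machine Contributor"},
    {"principalName": "alice@example.com", "scope": SUB,
     "roleDefinitionName": "Reader"},
    {"principalName": "alice@example.com", "scope": SUB + "/resourceGroups/rbac-quickstart",
     "roleDefinitionName": "Contributor"},
    {"principalName": "bob@example.com", "scope": "/",
     "roleDefinitionName": "Owner"},
])

def _norm(scope):
    # Resource IDs compare case-insensitively; keep "/" (root scope) intact.
    s = scope.strip().lower()
    return s if s == "/" else s.rstrip("/")

def relation(assignment_scope, target_scope):
    """Return 'direct', 'inherited', or None if the assignment does not apply."""
    a, t = _norm(assignment_scope), _norm(target_scope)
    if a == t:
        return "direct"
    # Segment boundary: a sibling group with a prefix name is not a parent.
    if a == "/" or t.startswith(a + "/"):
        return "inherited"
    return None

def effective_roles(assignments_json, principal, target_scope):
    """Roles a principal holds at target_scope as (role, relation, scope)."""
    found = []
    for a in json.loads(assignments_json):
        if (a.get("principalName") or "").lower() != principal.lower():
            continue
        rel = relation(a["scope"], target_scope)
        if rel:
            found.append((a["roleDefinitionName"], rel, a["scope"]))
    return sorted(found)

def after_removal(assignments_json, principal, role, target_scope):
    """Drop the direct assignment of `role`, then report what still applies."""
    kept = [a for a in json.loads(assignments_json)
            if not ((a.get("principalName") or "").lower() == principal.lower()
                    and a["roleDefinitionName"] == role
                    and relation(a["scope"], target_scope) == "direct")]
    return effective_roles(json.dumps(kept), principal, target_scope)
```

Assignments made to groups the user belongs to, or at management group scopes, are not resolved here; they need the group membership and management group hierarchy as extra input.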

Clean up

  1. In the navigation list, click Resource groups.

  2. Click rbac-quickstart-resource-group to open the resource group.

  3. Click Delete resource group to delete the resource group.

  4. On the Are you sure you want to delete blade, type the resource group name: rbac-quickstart-resource-group.

  5. Click Delete to delete the resource group.
